08-23-2006, 02:32 PM
webspider
PHP session hacking

Before anyone complains, this is purely for testing a new script I have developed to see if there are any obvious holes in it. You hear a lot about session hacking so I thought it was something worth learning more about.

I have developed a script for a login area to a simple CMS and I want to know how hackers get in and exploit sessions so that I know where I should be looking for holes. I'm not expecting anyone to post hacking code here, just pointers to what I should look out for.

Basically I'm using a form to post user and password to a session script that starts the session and starts a timer. Every time the user navigates inside the admin area the timer is reset but will log the person out if they are inactive for 20 minutes. Is this the right approach and have I missed anything obvious?

Thanks in advance for your time.
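
The approach described in the post (start a session at login, reset a timer on each admin request, log out after 20 minutes idle), as an added PHP example that is not part of the original post. The function names and the IDLE_LIMIT constant are illustrative assumptions, and the array form of session_set_cookie_params assumes PHP 7.3 or later; the example also regenerates the session ID at login and restricts the cookie to HTTPS.

```php
<?php
// Added example, not the poster's script. All names here are illustrative.
declare(strict_types=1);

const IDLE_LIMIT = 20 * 60; // 20 minutes of inactivity, as in the post

function start_secure_session(): void
{
    // Cookie is sent only over HTTPS, hidden from JavaScript, not sent cross-site.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept a session ID from the URL
    session_start();
}

// Pure check, so the timeout rule can be exercised without a live session.
function is_idle_expired(?int $lastActivity, int $now, int $limit = IDLE_LIMIT): bool
{
    return $lastActivity === null || ($now - $lastActivity) > $limit;
}

// Call only after the user name and password have been verified.
function log_in(string $user): void
{
    session_regenerate_id(true);          // fresh ID at login, old session file deleted
    $_SESSION['user'] = $user;
    $_SESSION['last_activity'] = time();
}

function log_out(): void
{
    $_SESSION = [];
    session_destroy();
}

// Call at the top of every admin page, after start_secure_session().
// Returns the logged-in user name, or null if the visitor must log in again.
function require_active_login(): ?string
{
    if (!isset($_SESSION['user'])
        || is_idle_expired($_SESSION['last_activity'] ?? null, time())) {
        log_out();
        return null;
    }
    $_SESSION['last_activity'] = time();  // reset the timer on each request
    return $_SESSION['user'];
}
```

The timer lives in server-side session data, so the 20-minute limit is enforced by the server on each request rather than by anything the browser reports.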